<?php
include 'dbconfig.php'; 
mysql_select_db($db, $con);

if (isset($_POST['course_input']))
	$strSearchVal = mysql_real_escape_string($_POST['course_input']);
else 
    $strSearchVal="info";

//$query = 'SELECT * FROM course_templates JOIN course_instances ON (course_templates.cid=course_instances.cid) WHERE (Name LIKE \'%'. $strSearchVal . '%\')';
$query = 'SELECT * FROM course_templates WHERE (Name LIKE \'%'. htmlentities($strSearchVal) . '%\') ORDER BY comp DESC';
$result = mysql_query($query);

echo "<ul>";
while ($arrThisRow = mysql_fetch_array($result)) {
	echo '<li id="'.$arrThisRow['cid'].'"><span class="informal">';

	if ($arrThisRow['comp']) 
		echo '<img width="12" height="12" src="bin/badge-'.$arrThisRow['comp'].'.png">';
	else 
		echo '<span class="imgplaceholder">&nbsp;</span>';
		
	if ($arrThisRow['area1'])
		echo '<img width="12" height="12" src="bin/badge-'.$arrThisRow['area1'].'.png">';
	else 
		echo '<span class="imgplaceholder">&nbsp;</span>';

	echo '</span><span class="coursename">' . $arrThisRow['name'] . '</span></li>';
}
echo "</ul>";

mysql_close($con);

?>